
Post on 26-Aug-2020






  • Deploy an End-to-End IoT Application

    February 2017

  • © 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    Notices This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

  • Contents

    Step 1: Set Up the Environment

    Create an SSH Keypair

    Deploy the AWS CloudFormation Template

    Confirmation: Connecting to your Instance

    Step 2: Set Up AWS IoT

    AWS IoT Overview

    Create the AWS IoT Resources

    Create an IoT Thing

    Create an IoT Policy

    Create an IoT Certificate

    Configure and Run the Device Simulator

    Create an IoT Rule and Action

    Confirmation: View Device Messages with the AWS IoT MQTT Client

    Step 3: Process and Visualize Streaming Data

    Dashboard Overview

    Create the IoT Rules and Actions

    Test the APIs

    Deploy the Real-Time Dashboard

    Host a Static Website on Amazon S3

    Step 4: Clean Up the Environment

    Clean up IoT Resources

    Clean up the S3 bucket

    Delete the CloudFormation Stack

    Additional Resources

  • Amazon Web Services – Deploy an End-to-End IoT Application

    Page 1

    Step 1: Set Up the Environment

    Create an SSH Keypair

    In this tutorial, an EC2 instance is used to simulate your IoT devices. Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. Public-key cryptography uses a public key to encrypt a piece of data, such as a password, then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair.

    To create your IoT environment, you will need to create an SSH keypair that will be used to access your device simulator EC2 instance. The following steps outline creating a unique SSH keypair to use in this lab.

    1. Sign into the AWS Management Console and open the Amazon EC2 console at

    2. In the upper-right corner of the AWS Management Console, confirm you are in the desired AWS region. Make sure to select a region that supports AWS IoT

    3. In the navigation pane on the left, under NETWORK & SECURITY, choose Key



    4. Choose Create Key Pair.

    5. Enter a name for the new key pair in the dialog box, and then choose Create.

    The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.

    Important: This is the only chance for you to save the private key file. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.

    Deploy the AWS CloudFormation Template

    AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources as code so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. We have created a template (written in JSON) that defines the AWS resources that are needed for the sample IoT application. AWS CloudFormation then uses that template to provision and configure those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all of that.

    1. Sign in to the AWS Management Console

    2. If this is a new AWS CloudFormation account, click Create New Stack. Otherwise, click Create Stack.


    3. In the Template section, select Specify an Amazon S3 Template URL to type or paste the following URL for the IoT Getting Started template:

    4. Click Next.

    5. In the Stack name field, enter a friendly name for the IoT stack. A shorter name here will improve readability in future modules (e.g. IoTGS).

    6. In the KeyName field, select the keypair you created earlier. This will "key" your EC2 instance with the appropriate public key.

    7. On the Options page, leave all defaults and click Next.

    8. On the Review screen, confirm the configuration, check the box that says I acknowledge that AWS CloudFormation might create IAM resources, and click Create.

    9. The environment can take a few minutes to provision completely. You can refresh periodically to monitor the creation of the stack. When AWS CloudFormation is finished creating the stack, the status will show CREATE_COMPLETE.

    10. Select the check box beside your stack and then click on the Outputs tab below.


    11. Note the IpAddressEc2DeviceSimulator Value. This is the public IP address of your IoT Device Simulator EC2 instance.

    Confirmation: Connecting to your Instance

    We will now confirm that we have access to the EC2 instance that will be simulating the IoT devices. Follow the instructions for your operating system.

    Mac or Linux (OpenSSH)

    By default, both Mac OS X and Linux operating systems ship with an SSH client that you can use to connect to your EC2 Linux instances. To use the SSH client with the key you created, a few steps are required.

    1. Use the following command to set the permissions of your private key file so that only you can read it. Replace IoT-GettingStarted-Key.pem with the name of your SSH key pair.

    $ chmod 400 IoT-GettingStarted-Key.pem

    2. Use your private key when connecting to the instance. You will reference your private key file and the default user name, which is ec2-user. The format of the ssh command is as follows:

    $ ssh -i IoT-GettingStarted-Key.pem ec2-user@

    3. Type Yes to accept the fingerprint. You should now be connected to your instance.
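
    The fingerprint accepted in step 3 can be checked against the host key fingerprints the instance writes to its EC2 system log. The following is an added example, not part of the original document; it assumes the log contains the BEGIN/END SSH HOST KEY FINGERPRINTS block with SHA256 fingerprints, and the function names, sample log and placeholders are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the host key fingerprint shown by the SSH client
# against the fingerprints recorded in the instance's EC2 system log.

# Read console text on stdin and print every SHA256 fingerprint found
# between the BEGIN/END markers (anything outside the block is ignored).
console_fingerprints() {
    awk '
        /BEGIN SSH HOST KEY FINGERPRINTS/ { inside = 1; next }
        /END SSH HOST KEY FINGERPRINTS/   { inside = 0 }
        inside {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SHA256:/) print $i
        }'
}

# fingerprint_trusted <fingerprint> <console-log-file>
# Succeeds only on an exact, whole-string match with a logged fingerprint,
# so a truncated or partially matching value is rejected.
fingerprint_trusted() {
    console_fingerprints < "$2" | grep -Fxq -- "$1"
}

# Constructed sample of system log text (the fingerprints are made up).
sample_console_log() {
    cat <<'EOF'
cloud-init: constructed earlier boot output
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:AAAAconstructedECDSAfingerprint0000000000000 no comment (ECDSA)
ec2: 2048 SHA256:BBBBconstructedRSAfingerprint00000000000000 no comment (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
EOF
}

# Usage against a real instance (<instance-id> and <instance-ip> are
# placeholders for your own values):
#   aws ec2 get-console-output --instance-id <instance-id> --output text > console.log
#   ssh-keyscan <instance-ip> 2>/dev/null | ssh-keygen -lf -
#   fingerprint_trusted 'SHA256:...' console.log && echo match || echo MISMATCH
```

    If the function reports a mismatch, answer no at the ssh prompt and do not connect.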

    Windows (PuTTY)

    This is a Windows-only step, because other operating systems have SSH built in. Download and install PuTTY. The single word “putty” in Google will return a list of download sites. Be certain that you install both PuTTY and PuTTYGen.

    1. Launch PuTTYGen and choose Conversions -> Import Key. Browse for the downloaded pem file (e.g., IoT-GettingStarted-Key.pem) and import the key. The result will look similar to this:


    2. Save the key as the same file name with a .ppk extension. Click File -> Save as Private Key. Ignore the dialog that asks if you want to do this without a passphrase.

    3. Close PuTTYGen.

    4. Open PuTTY.

    5. On the left menu expand Connection -> SSH and select the Auth sub-menu. Click Browse and select your PPK file from the previous step.

    6. Select Connection and configure the keepalive to 60. This will prevent your SSH session from timing out.


    7. Select Session on the left. In the Host Name box, enter ec2-user@ followed by the IP address of your Simulator EC2 instance. (e.g. ec2-user@

    8. Click Yes to confirm the fingerprint.

    Note: The SSH fingerprint will eventually show up in the System Log, and you can compare it with the fingerprint your SSH client displays to protect against a man-in-the-middle attack.

    9. You should now be connected to your instance.


    Step 2: Set Up AWS IoT

    AWS IoT Overview

    AWS IoT consists of the following components:

    • Message Broker — Provides a secure mechanism for things and AWS IoT applications to publish and receive messages from each other. You can use either the MQTT protocol directly or MQTT over WebSockets to publish and subscribe. You can use the HTTP REST interface to publish.

    • Rules Engine — Provides message processing and integration with other AWS services. You can use a SQL-based language to select data from message payloads, process the data, and send the data to other services, such as Amazon S3